install openstack liberty in ubuntu 14.04 server
2016-01-04 16:25
447 查看
我安装的拓扑如下:
为了简便我每个节点只用了一个nic。使用provide network和Linux bridge的方式
注:A. vi编辑文本时没有的要加上去。不要改动原文件里的内容,除非我注明要把之前的【**】下面的东西删掉再加
B.10.0.0.11是controller的interface
C.参考官网文章http://docs.openstack.org/liberty/install-guide-ubuntu/
个人密码设置:Glance用户密码是glance
Demo用户密码是demo
Nova 用户密码是nova
Neutron用户密码是neutron
其他密码按照官网的
开始
在每个节点上编辑/etc/hosts# controller 10.0.0.11 controller # compute1 10.0.0.31 compute1 # object1 10.0.0.51 object1 # object2 10.0.0.52 object2
确保ping外网和openstack.org可以ping通
# ping -c 4 openstack.org PING openstack.org (174.143.194.225) 56(84) bytes of data. 64 bytes from 174.143.194.225: icmp_seq=1 ttl=54 time=18.3 ms 64 bytes from 174.143.194.225: icmp_seq=2 ttl=54 time=17.5 ms 64 bytes from 174.143.194.225: icmp_seq=3 ttl=54 time=17.5 ms 64 bytes from 174.143.194.225: icmp_seq=4 ttl=54 time=17.4 ms --- openstack.org ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3022ms rtt min/avg/max/mdev = 17.489/17.715/18.346/0.364 ms
# ping -c 4 compute1 PING compute1 (10.0.0.31) 56(84) bytes of data. 64 bytes from compute1 (10.0.0.31): icmp_seq=1 ttl=64 time=0.263 ms 64 bytes from compute1 (10.0.0.31): icmp_seq=2 ttl=64 time=0.202 ms 64 bytes from compute1 (10.0.0.31): icmp_seq=3 ttl=64 time=0.203 ms 64 bytes from compute1 (10.0.0.31): icmp_seq=4 ttl=64 time=0.202 ms --- compute1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3000ms rtt min/avg/max/mdev = 0.202/0.217/0.263/0.030 ms
在controller上配置NTP
# apt-get install chrony
编辑 /etc/chrony/chrony.conf
server NTP_SERVER iburst
重启服务
service chrony restart
配置其他node NTP:
重复controller的三个步骤,在/etc/chrony/chrony.conf里把server NTP_SERVER iburst改成
server controller iburst
重启服务
验证NTP:
# chronyc sources 210 Number of sources = 2 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^- 192.0.2.11 2 7 12 137 -2814us[-3000us] +/- 43ms ^* 192.0.2.12 2 6 177 46 +17us[ -23us] +/- 68ms
安装openstack依赖包(每个node都需要)
# apt-get install software-properties-common # add-apt-repository cloud-archive:liberty apt-get update && apt-get dist-upgrade # apt-get install python-openstackclient
controller安装SQL database
# apt-get install mariadb-server python-pymysql
编辑/etc/mysql/conf.d/mysqld_openstack.cnf
[mysqld] ... bind-address = 10.0.0.11 [mysqld] ... default-storage-engine = innodb innodb_file_per_table collation-server = utf8_general_ci init-connect = 'SET NAMES utf8' character-set-server = utf8
重启数据库
# service mysql restart
controller安装NoSQL database
apt-get install mongodb-server mongodb-clients python-pymongo
编辑/etc/mongodb.conf
bind_ip = 10.0.0.11
完成安装
# service mongodb stop # rm /var/lib/mongodb/journal/prealloc.* # service mongodb start
controller安装消息队列
注:Creating user “openstack” …等是console的信息这里的密码或者下文出现的密码可以自己改,但是不能混淆
# apt-get install rabbitmq-server
rabbitmqctl add_user openstack RABBIT_PASS Creating user "openstack" ...
rabbitmqctl set_permissions openstack ".*" ".*" ".*" Setting permissions for user "openstack" in vhost "/" ...
controller安装keystone
$ mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ IDENTIFIED BY 'KEYSTONE_DBPASS'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ IDENTIFIED BY 'KEYSTONE_DBPASS';
退出数据库,创建一个administration token,记下出来的一串数字
openssl rand -hex 10
echo "manual" > /etc/init/keystone.override
apt-get install keystone apache2 libapache2-mod-wsgi \ memcached python-memcache
编辑/etc/keystone/keystone.conf
这个ADMIN_TOKEN就填刚刚的那串数字
[DEFAULT] ... admin_token = ADMIN_TOKEN
[database] ... connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[memcache] ... servers = localhost:11211
[token] ... provider = uuid driver = memcache
[revoke] ... driver = sql
[DEFAULT] ... verbose = True
同步数据库:
# su -s /bin/sh -c "keystone-manage db_sync" keystone
出现下面的log,如果在root下就去掉su -s
配置Apache HTTP server
ServerName controller
创建/etc/apache2/sites-available/wsgi-keystone.conf
Listen 5000 Listen 35357 <VirtualHost *:5000> WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /usr/bin/keystone-wsgi-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On <IfVersion >= 2.4> ErrorLogFormat "%{cu}t %M" </IfVersion> ErrorLog /var/log/apache2/keystone.log CustomLog /var/log/apache2/keystone_access.log combined <Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory> </VirtualHost> <VirtualHost *:35357> WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /usr/bin/keystone-wsgi-admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On <IfVersion >= 2.4> ErrorLogFormat "%{cu}t %M" </IfVersion> ErrorLog /var/log/apache2/keystone.log CustomLog /var/log/apache2/keystone_access.log combined <Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory> </VirtualHost>
启动服务:
# ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
完成安装:
service apache2 restart
# rm -f /var/lib/keystone/keystone.db
创建service entity和API endpoints
export OS_TOKEN=ADMIN_TOKEN(替换ADMIN_TOKEN) export OS_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3
openstack service create \ --name keystone --description "OpenStack Identity" identity +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Identity | | enabled | True | | id | 4ddaae90388b4ebc9d252ec2252d8d10 | | name | keystone | | type | identity | +-------------+----------------------------------+
创建三个endpoint
openstack endpoint create --region RegionOne \ identity public http://controller:5000/v2.0 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 30fff543e7dc4b7d9a0fb13791b78bf4 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 8c8c0927262a45ad9066cfe70d46892c | | service_name | keystone | | service_type | identity | | url | http://controller:5000/v2.0 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ identity internal http://controller:5000/v2.0 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 57cfa543e7dc4b712c0ab137911bc4fe | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 6f8de927262ac12f6066cfe70d99ac51 | | service_name | keystone | | service_type | identity | | url | http://controller:5000/v2.0 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ identity admin http://controller:35357/v2.0 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 78c3dfa3e7dc44c98ab1b1379122ecb1 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 34ab3d27262ac449cba6cfe704dbc11f | | service_name | keystone | | service_type | identity | | url | http://controller:35357/v2.0 | +--------------+----------------------------------+
创建admin project
openstack project create --domain default \ --description "Admin Project" admin +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Admin Project | | domain_id | default | | enabled | True | | id | 343d245e850143a096806dfaefa9afdc | | is_domain | False | | name | admin | | parent_id | None | +-------------+----------------------------------+
创建admin user:
openstack user create --domain default \ --password-prompt admin User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | ac3377633149401296f6c0d92d79dc16 | | name | admin | +-----------+----------------------------------+
创建admin role:
openstack role create admin +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | cd2cb9a39e874ea69e5d4b896eb16128 | | name | admin | +-------+----------------------------------+
Add the admin role to the admin project and user
openstack role add --project admin --user admin admin
*还可以添加service project和demo用户。这个不详写了。
验证keystone是否正常
unset OS_TOKEN OS_URL
输入admin用户的密码
openstack --os-auth-url http://controller:35357/v3 \ --os-project-domain-id default --os-user-domain-id default \ --os-project-name admin --os-username admin --os-auth-type password \ token issue Password: +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | expires | 2015-03-24T18:55:01Z | | id | ff5ed908984c4a4190f584d826d75fed | | project_id | cf12a15c5ea84b019aec3dc45580896b | | user_id | 4d411f2291f34941b30eef9bd797505a | +------------+----------------------------------+
这样keystone就完成了。也可以用一个脚本去source环境变量
参考这里:
http://docs.openstack.org/liberty/install-guide-ubuntu/keystone-openrc.html
controller安装glance服务
$ mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ IDENTIFIED BY 'GLANCE_DBPASS'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ IDENTIFIED BY 'GLANCE_DBPASS';
source环境变量:
$ source admin-openrc.sh
创建一个glance用户:
openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | e38230eeff474607805b596c91fa15d9 | | name | glance | +-----------+----------------------------------+
Add the admin role to the glance user and service project
openstack role add --project service --user glance admin
创建glance的service entity
openstack service create --name glance \ --description "OpenStack Image service" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image service | | enabled | True | | id | 8c2c7f1b9b5049ea9e63757b5533e6d2 | | name | glance | | type | image | +-------------+----------------------------------+
创建API endpoints
openstack endpoint create --region RegionOne \ image public http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 340be3625e9b4239a6415d034e98aace | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ image internal http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | a6e4b153c2ae4c919eccfdbb7dceb5d2 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ image admin http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 0c37ed58103f4300a84ff125a539032d | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+
安装包:
apt-get install glance python-glanceclient
修改 /etc/glance/glance-api.conf
把GLANCE_PASS改成glance user的密码
[database] ... connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] ... auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = glance password = GLANCE_PASS [paste_deploy] ... flavor = keystone [glance_store] ... default_store = file filesystem_store_datadir = /var/lib/glance/images/ [DEFAULT] ... notification_driver = noop
编辑/etc/glance/glance-registry.conf(把GLANCE_PASS替换成自己设置的密码,下面的我都不提醒了)
[database] ... connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] ... auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = glance password = GLANCE_PASS [paste_deploy] ... flavor = keystone [DEFAULT] ... notification_driver = noop
同步数据库
*如果你在root下的话直接/bin/sh -c “glance-manage db_sync” glance,否则可能出错
su -s /bin/sh -c "glance-manage db_sync" glance
重启服务
# service glance-registry restart # service glance-api restart # rm -f /var/lib/glance/glance.sqlite
验证功能
$ echo "export OS_IMAGE_API_VERSION=2" \ | tee -a admin-openrc.sh demo-openrc.sh
$ source admin-openrc.sh
$ wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img[/code]$ glance image-create --name "cirros" \ --file cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --visibility public --progress [=============================>] 100% +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | 133eae9fb1c98f45894a4e60d8736619 | | container_format | bare | | created_at | 2015-03-26T16:52:10Z | | disk_format | qcow2 | | id | 38047887-61a7-41ea-9b49-27987d5e8bb9 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | ae7a98326b9c455588edd2656d723b9d | | protected | False | | size | 13200896 | | status | active | | tags | [] | | updated_at | 2015-03-26T16:52:10Z | | virtual_size | None | | visibility | public | +------------------+--------------------------------------+$ glance image-list +--------------------------------------+--------+ | ID | Name | +--------------------------------------+--------+ | 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros | +--------------------------------------+--------+
这样glance就成功了controller安装Compute服务
$ mysql -u root -pCREATE DATABASE nova;GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ IDENTIFIED BY 'NOVA_DBPASS'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ IDENTIFIED BY 'NOVA_DBPASS';$ source admin-openrc.sh$ openstack user create --domain default --password-prompt nova User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | 8c46e4760902464b889293a74a0c90a8 | | name | nova | +-----------+----------------------------------+$ openstack role add --project service --user nova adminopenstack service create --name nova \ --description "OpenStack Compute" compute +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Compute | | enabled | True | | id | 060d59eac51b4594815603d75a00aba2 | | name | nova | | type | compute | +-------------+----------------------------------+openstack endpoint create --region RegionOne \ compute public http://controller:8774/v2/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 3c1caa473bfe4390a11e7177894bcc7b | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | e702f6f497ed42e6a8ae3ba2e5871c78 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2/%(tenant_id)s | +--------------+-----------------------------------------+ $ openstack endpoint create --region RegionOne \ compute internal http://controller:8774/v2/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | e3c918de680746a586eac1f2d9bc10ab | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | e702f6f497ed42e6a8ae3ba2e5871c78 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2/%(tenant_id)s | +--------------+-----------------------------------------+ $ openstack endpoint create --region RegionOne \ compute admin http://controller:8774/v2/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 38f7af91666a47cfb97b4dc790b94424 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | e702f6f497ed42e6a8ae3ba2e5871c78 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2/%(tenant_id)s | +--------------+-----------------------------------------+# apt-get install nova-api nova-cert nova-conductor \ nova-consoleauth nova-novncproxy nova-scheduler \ python-novaclient
编辑文件 /etc/nova/nova.conf[database] ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova[DEFAULT] ... rpc_backend = rabbit [oslo_messaging_rabbit] ... rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS [DEFAULT] ... auth_strategy = keystone [keystone_authtoken] ... auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = nova password = NOVA_PASS [DEFAULT] ... my_ip = 10.0.0.11 [DEFAULT] ... network_api_class = nova.network.neutronv2.api.API security_group_api = neutron linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver firewall_driver = nova.virt.firewall.NoopFirewallDriver [vnc] ... vncserver_listen = $my_ip vncserver_proxyclient_address = $my_ip [glance] ... host = controller [oslo_concurrency] ... lock_path = /var/lib/nova/tmp [DEFAULT] ... enabled_apis=osapi_compute,metadata
同步数据库su -s /bin/sh -c "nova-manage db sync" nova
重启服务# service nova-api restart # service nova-cert restart # service nova-consoleauth restart # service nova-scheduler restart # service nova-conductor restart # service nova-novncproxy restart# rm -f /var/lib/nova/nova.sqlite安装compute节点
apt-get install nova-compute sysfsutils
编辑/etc/nova/nova.conf[DEFAULT] ... rpc_backend = rabbit [oslo_messaging_rabbit] ... rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS [DEFAULT] ... auth_strategy = keystone [keystone_authtoken] ... auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = nova password = NOVA_PASS [DEFAULT] ... my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS [DEFAULT] ... network_api_class = nova.network.neutronv2.api.API security_group_api = neutron linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver firewall_driver = nova.virt.firewall.NoopFirewallDriver [vnc] ... enabled = True vncserver_listen = 0.0.0.0 vncserver_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] ... host = controller [oslo_concurrency] ... lock_path = /var/lib/nova/tmp
完成安装$ egrep -c '(vmx|svm)' /proc/cpuinfo
这个命令是用了选择kvm或者qemu的
*If this command returns a value of one or greater, your compute node supports hardware acceleration which typically requires no additional configuration.
If this command returns a value of zero, your compute node does not support hardware acceleration and you must configure libvirt to use QEMU instead of KVM.
编辑 /etc/nova/nova-compute.conf[libvirt] ... virt_type = qemu# service nova-compute restart # rm -f /var/lib/nova/nova.sqlite
验证安装source admin-openrc.shnova service-list +----+------------------+------------+----------+---------+-------+--------------+-----------------+ | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +----+------------------+------------+----------+---------+-------+--------------+-----------------+ | 1 | nova-conductor | controller | internal | enabled | up | 2014-09-16.. | - | | 2 | nova-consoleauth | controller | internal | enabled | up | 2014-09-16.. | - | | 3 | nova-scheduler | controller | internal | enabled | up | 2014-09-16.. | - | | 4 | nova-cert | controller | internal | enabled | up | 2014-09-16.. | - | | 5 | nova-compute | compute1 | nova | enabled | up | 2014-09-16.. | - | +----+------------------+------------+----------+---------+-------+--------------+-----------------+$ nova endpoints +-----------+------------------------------------------------------------+ | nova | Value | +-----------+------------------------------------------------------------+ | id | 1fb997666b79463fb68db4ccfe4e6a71 | | interface | public | | region | RegionOne | | region_id | RegionOne | | url | http://controller:8774/v2/ae7a98326b9c455588edd2656d723b9d | +-----------+------------------------------------------------------------+ +-----------+------------------------------------------------------------+ | nova | Value | +-----------+------------------------------------------------------------+ | id | bac365db1ff34f08a31d4ae98b056924 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | url | http://controller:8774/v2/ae7a98326b9c455588edd2656d723b9d | +-----------+------------------------------------------------------------+ +-----------+------------------------------------------------------------+ | nova | Value | +-----------+------------------------------------------------------------+ | id | e37186d38b8e4b81a54de34e73b43f34 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | url | http://controller:8774/v2/ae7a98326b9c455588edd2656d723b9d | +-----------+------------------------------------------------------------+ +-----------+----------------------------------+ | glance | Value | +-----------+----------------------------------+ | id | 41ad39f6c6444b7d8fd8318c18ae0043 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | url | http://controller:9292 | +-----------+----------------------------------+ +-----------+----------------------------------+ | glance | Value | +-----------+----------------------------------+ | id | 50ecc4ce62724e319f4fae3861e50f7d | | interface | internal | | region | RegionOne | | region_id | RegionOne | | url | http://controller:9292 | +-----------+----------------------------------+ +-----------+----------------------------------+ | glance | Value | +-----------+----------------------------------+ | id | 7d3df077a20b4461a372269f603b7516 | | interface | public | | region | RegionOne | | region_id | RegionOne | | url | http://controller:9292 | +-----------+----------------------------------+ +-----------+----------------------------------+ | keystone | Value | +-----------+----------------------------------+ | id | 88150c2fdc9d406c9b25113701248192 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | url | http://controller:5000/v2.0 | +-----------+----------------------------------+ +-----------+----------------------------------+ | keystone | Value | +-----------+----------------------------------+ | id | cecab58c0f024d95b36a4ffa3e8d81e1 | | interface | public | | region | RegionOne | | region_id | RegionOne | | url | http://controller:5000/v2.0 | +-----------+----------------------------------+ +-----------+----------------------------------+ | keystone | Value | +-----------+----------------------------------+ | id | fc90391ae7cd4216aca070042654e424 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | url | http://controller:35357/v2.0 | +-----------+----------------------------------+$ nova image-list +--------------------------------------+--------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+--------+--------+--------+ | 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros | ACTIVE | | +--------------------------------------+--------+--------+--------+在这里我遇到了问题
当我输入nova-endpoints命令时WARNING: glance has no endpoint in RegionOne! Available endpoints for this service: WARNING: keystone has no endpoint in RegionOne! Available endpoints for this service:
不过貌似对openstack没有什么影响在controller上安装neutron服务
neutron架构:我是用provider network+vxlan+linux bridge.
public (provider) and private (self-service) networks
所以在官网文档上选择Networking Option 2: Self-service networks$ mysql -u root -pCREATE DATABASE neutron;GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ IDENTIFIED BY 'NEUTRON_DBPASS'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ IDENTIFIED BY 'NEUTRON_DBPASS';
退出数据库$ source admin-openrc.sh$ openstack user create --domain default --password-prompt neutron User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | b20a6692f77b4258926881bf831eb683 | | name | neutron | +-----------+----------------------------------+$ openstack role add --project service --user neutron admin$ openstack service create --name neutron \ --description "OpenStack Networking" network +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Networking | | enabled | True | | id | f71529314dab4a4d8eca427e701d209e | | name | neutron | | type | network | +-------------+----------------------------------+$ openstack endpoint create --region RegionOne \ network public http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 85d80a6d02fc4b7683f611d7fc1493a3 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | f71529314dab4a4d8eca427e701d209e | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ network internal http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 09753b537ac74422a68d2d791cf3714f | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | f71529314dab4a4d8eca427e701d209e | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ network admin http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 1ee14289c9374dffb5db92a5c112fc4e | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | f71529314dab4a4d8eca427e701d209e | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+
安装包:# apt-get install neutron-server neutron-plugin-ml2 \ neutron-plugin-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \ neutron-metadata-agent python-neutronclient
编辑/etc/neutron/neutron.conf(注意合并)[database] ... connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] ... core_plugin = ml2 service_plugins = router allow_overlapping_ips = True [DEFAULT] ... rpc_backend = rabbit [oslo_messaging_rabbit] ... rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS [DEFAULT] ... auth_strategy = keystone [keystone_authtoken] ... auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = NEUTRON_PASS [DEFAULT] ... notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://controller:8774/v2 [nova] ... auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = nova password = NOVA_PASS
编辑/etc/neutron/plugins/ml2/ml2_conf.ini[ml2] ... type_drivers = flat,vlan,vxlan [ml2] ... tenant_network_types = vxlan [ml2] ... mechanism_drivers = linuxbridge,l2population [ml2] ... extension_drivers = port_security [ml2_type_flat] ... flat_networks = public [ml2_type_vxlan] ... vni_ranges = 1:1000 [securitygroup] ... enable_ipset = True
编辑 /etc/neutron/plugins/ml2/linuxbridge_agent.ini[linux_bridge] physical_interface_mappings = public:PUBLIC_INTERFACE_NAME[vxlan] enable_vxlan = True local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = True[agent] ... prevent_arp_spoofing = True[securitygroup] ... enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
编辑/etc/neutron/l3_agent.ini[DEFAULT] ... interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver external_network_bridge =
编辑/etc/neutron/dhcp_agent.ini[DEFAULT] ... interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = True [DEFAULT] ... dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
创建 /etc/neutron/dnsmasq-neutron.confdhcp-option-force=26,1450
编辑/etc/neutron/metadata_agent.ini[DEFAULT] ... auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_region = RegionOne auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = NEUTRON_PASS [DEFAULT] ... nova_metadata_ip = controller [DEFAULT] ... metadata_proxy_shared_secret = METADATA_SECRET
编辑/etc/nova/nova.conf[neutron] ... url = http://controller:9696 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = True metadata_proxy_shared_secret = METADATA_SECRET
同步数据库su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重启网络服务# service nova-api restart # service neutron-server restart # service neutron-plugin-linuxbridge-agent restart # service neutron-dhcp-agent restart # service neutron-metadata-agent restart # service neutron-l3-agent restart # rm -f /var/lib/neutron/neutron.sqlite在compute节点上安装neutron服务
# apt-get install neutron-plugin-linuxbridge-agent
编辑/etc/neutron/neutron.conf[DEFAULT] ... rpc_backend = rabbit [oslo_messaging_rabbit] ... rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS [DEFAULT] ... auth_strategy = keystone [keystone_authtoken] ... auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = NEUTRON_PASS
编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini[linux_bridge] physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
[vxlan] enable_vxlan = True local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = True
[agent] ... prevent_arp_spoofing = True
[securitygroup] ... enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
编辑/etc/nova/nova.conf[neutron] ... url = http://controller:9696 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS
重启计算节点网络服务# service nova-compute restart # service neutron-plugin-linuxbridge-agent restart
验证neutron服务:$ source admin-openrc.sh$ neutron ext-list +-----------------------+-----------------------------------------------+ | alias | name | +-----------------------+-----------------------------------------------+ | dns-integration | DNS Integration | | address-scope | Address scope | | ext-gw-mode | Neutron L3 Configurable external gateway mode | | binding | Port Binding | | agent | agent | | subnet_allocation | Subnet Allocation | | l3_agent_scheduler | L3 Agent Scheduler | | external-net | Neutron external network | | flavors | Neutron Service Flavors | | net-mtu | Network MTU | | quotas | Quota management support | | l3-ha | HA Router extension | | provider | Provider Network | | multi-provider | Multi Provider Network | | extraroute | Neutron Extra Route | | router | Neutron L3 Router | | extra_dhcp_opt | Neutron Extra DHCP opts | | security-group | security-group | | dhcp_agent_scheduler | DHCP Agent Scheduler | | rbac-policies | RBAC Policies | | port-security | Port Security | | allowed-address-pairs | Allowed Address Pairs | | dvr | Distributed Virtual Router | +-----------------------+-----------------------------------------------+$ neutron agent-list +--------------------------------------+--------------------+------------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+------------+-------+----------------+---------------------------+ | 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1 | :-) | True | neutron-linuxbridge-agent | | 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | :-) | True | neutron-linuxbridge-agent | | 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent | controller | :-) | True | neutron-l3-agent | | dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent | controller | :-) | True | neutron-dhcp-agent | | f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent | controller | :-) | True | neutron-metadata-agent | +--------------------------------------+--------------------+------------+-------+----------------+---------------------------+controller节点安装dashboard
apt-get install openstack-dashboard
编辑/etc/openstack-dashboard/local_settings.pyOPENSTACK_HOST = "controller" ALLOWED_HOSTS = ['*', ] CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': '127.0.0.1:11211', } } OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" TIME_ZONE = "TIME_ZONE"(参考官网)
重启服务dashboard# service apache2 reload
验证dashboard服务Access the dashboard using a web browser at http://controller/horizon.
这样简单的openstack liberty就成功了,后续可以再做HA和其他组件安装。
大部分内容摘自官网:
http://docs.openstack.org/liberty/install-guide-ubuntu
相关文章推荐
- 在linux下配置javaWeb项目.sh部署脚本
- Linux用户空间与内核空间
- Linux 系统应用编程——文件I/O
- Linux/Unix下ODBC的安装
- nginx的配置与安装
- nginx+tomcat_install
- 关于使用BeanUtils.copyProperties拷贝时,时间类型为空时转换异常
- 【Flex学习】Flex4学习网站
- 不停止Nginx服务的情况下平滑变更Nginx配置(转)
- Hadoop - Kylin On OLAP
- linux(centos) 保存退出vi编辑
- 配置linux服务器的防火墙,以CENTOS 为例(转载)
- opencv学习之轮廓高级应用(轮廓匹配,几何直方图)
- Nginx相关基础配置详解(详细)
- Ubuntu: Making your microphone work
- linux常用命令-date-clock-hwclock-type-whatis--help-man-info-cal
- Linux平台部署varnish 高性能缓存服务器(1)
- 【opencv学习】完全基于opencv的双目景深与测距的实现
- RESTful 架构详解
- 新手维护服务器之administrator在多台电脑上登录